<?php
include("conexion.php");
$nombre= htmlspecialchars($_POST['nombre']);
$contrasena= md5($_POST['contrasena']);
$con = mysql_connect($host,$user) or die ("error en la conexion");
mysql_select_db($db,$con);
$sql = mysql_query(
       "SELECT * FROM usuario
        WHERE nombre='$nombre' AND
        contrasena='$contrasena'
        LIMIT 1"
    );
if(mysql_num_rows($sql) == 1){
        $row = mysql_fetch_array($sql);
        session_start();
        $_SESSION['nombre_s'] = $row['nombre'];
        $_SESSION['correo_s'] = $row['correo'];
        $_SESSION['nivel_s'] = $row['nivel'];
        //$_SESSION['logged'] = TRUE;
        //header("Location: users_page.php");
		if ($_SESSION['nivel_s'] == "ADMINISTRADOR")
{
    header("Location: administrador.html");
	exit;
}else{
	header("Location: menu2.html");
	exit;
}
		
    } else {
       header("Location: index2.html");
		exit;
    }
?>
